Shaun,
* Shaun Thomas (sthomas@optionshouse.com) wrote:
> We're wanting to implement a more secure password policy, and so
> have considered switching to LDAP/Active Directory for passwords.
Don't use the LDAP side of AD, use the Kerberos side. Using LDAP for
auth against AD is terrible and is only available because of backwards
compatibility for broken, non-Kerberized applications. AD and Kerberos
and PostgreSQL play very well these days and provides for true SSO.
Thanks,
Stephen